Security Vulnerabilities, CVEs, Published In November 2009 CVSS score >= 7
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.
Max CVSS
9.0
EPSS Score
5.81%
Published
2009-11-30
Updated
2018-10-10
Buffer overflow in Invisible Browsing 5.0.52 allows user-assisted remote attackers to execute arbitrary code via a crafted .ibkey file containing a long string.
Max CVSS
9.3
EPSS Score
10.69%
Published
2009-11-29
Updated
2017-09-19
Unrestricted file upload vulnerability in admintools/editpage-2.php in Agoko CMS 0.4 and earlier allows remote attackers to inject and execute arbitrary PHP code via the filename and text parameters.
Max CVSS
7.5
EPSS Score
1.39%
Published
2009-11-29
Updated
2017-09-19
SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyftenbloggie) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter to index.php.
Max CVSS
7.5
EPSS Score
0.12%
Published
2009-11-29
Updated
2011-07-26
Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, allows remote FTP servers to cause a denial of service and possibly execute arbitrary code via unspecified FTP server responses. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
9.3
EPSS Score
0.10%
Published
2009-11-29
Updated
2009-11-30
Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
Max CVSS
9.3
EPSS Score
1.79%
Published
2009-11-29
Updated
2017-08-17
infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
Max CVSS
9.3
EPSS Score
0.86%
Published
2009-11-29
Updated
2017-08-17
Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload.
Max CVSS
9.3
EPSS Score
1.21%
Published
2009-11-29
Updated
2017-08-17
SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4, and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the gcid parameter. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
0.13%
Published
2009-11-29
Updated
2017-08-17
Stack-based buffer overflow in the MplayInputFile function in Serenity Audio Player 3.2.3 and earlier allows remote attackers to execute arbitrary code via a long URL in an M3U file. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
10.95%
Published
2009-11-29
Updated
2017-08-17
RADIO istek scripti 2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user credentials via a direct request for estafresgaftesantusyan.inc.
Max CVSS
7.5
EPSS Score
1.09%
Published
2009-11-29
Updated
2009-12-02
myPhile 1.2.1 allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
0.65%
Published
2009-11-29
Updated
2017-08-17
PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path parameter.
Max CVSS
7.5
EPSS Score
1.36%
Published
2009-11-29
Updated
2017-08-17
Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier script allows remote attackers to execute arbitrary code by uploading a file with a name containing a NULL byte.
Max CVSS
7.5
EPSS Score
3.35%
Published
2009-11-29
Updated
2017-08-17
PHP remote file inclusion vulnerability in assets/plugins/mp3_id/mp3_id.php in PHP Traverser 0.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[BASE] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
2.51%
Published
2009-11-29
Updated
2017-08-17
SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.14%
Published
2009-11-29
Updated
2018-10-10
PHP remote file inclusion vulnerability in forums/Forum_Include/index.php in Outreach Project Tool (OPT) 1.2.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CRM_path parameter.
Max CVSS
7.5
EPSS Score
14.31%
Published
2009-11-29
Updated
2017-08-17
Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue."
Max CVSS
10.0
EPSS Score
0.77%
Published
2009-11-24
Updated
2018-10-30
SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly other versions allows remote attackers to execute arbitrary SQL commands via unknown vectors.
Max CVSS
7.5
EPSS Score
0.13%
Published
2009-11-24
Updated
2009-11-24
SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter.
Max CVSS
7.5
EPSS Score
0.27%
Published
2009-11-24
Updated
2017-08-17
SQL injection vulnerability in allauctions.php in Telebid Auction Script allows remote attackers to execute arbitrary SQL commands via the aid parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2009-11-24
Updated
2017-08-17
SQL injection vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action to index.php.
Max CVSS
7.5
EPSS Score
0.09%
Published
2009-11-24
Updated
2017-08-17
Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the popup parameter.
Max CVSS
7.5
EPSS Score
2.18%
Published
2009-11-24
Updated
2009-11-24
Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted arguments to IOCTL 0x80002024.
Max CVSS
7.2
EPSS Score
0.04%
Published
2009-11-23
Updated
2018-10-10
Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x before 2.2 RC allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) bank_accounts.php, (2) currencies.php, (3) exchange_rates.php, (4) gl_account_types.php, and (5) gl_accounts.php in gl/manage/; and (6) audit_trail_db.inc, (7) comments_db.inc, (8) inventory_db.inc, (9) manufacturing_db.inc, and (10) references_db.inc in includes/db/.
Max CVSS
7.5
EPSS Score
0.13%
Published
2009-11-20
Updated
2009-11-23